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- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
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6) S Claim(s) 1-22 is/are rejected. 
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DETAILED ACTION 



1. 



The amendment filed on 19 July 2004 has been noted and made of record 



2. 



Claims 1-22 have been presented for examination. 



Response to Arguments 



3. Applicant's arguments with respect to claims 1-22 have been considered but are moot in 
view of the new ground(s) of rejection. 

4. See further rejections that follow. 



5. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

6. Claims 1-22 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant regards as 
the invention. The Examiner would like to point out that where applicant acts as his or her own 
lexicographer to specifically define a term of a claim contrary to its ordinary meaning, the 
written description must clearly redefine the claim term and set forth the uncommon definition so 
as to put one reasonably skilled in the art on notice that the applicant intended to so redefine that 
claim term. Process Control Corp. v. HydReclaim Corp., 190 F.3d 1350, 1357, 52 USPQ2d 
1029, 1033 (Fed. Cir. 1999). In addition, the Applicant fails to meet the requirements of 
redefining a term as set forth in the MPEP § 2106. In order to define/redefine a term, the 
Applicant must do so "with reasonable clarity, deliberateness, and precision" and must " set out 
his uncommon definition in some manner within the patent disclosure' so as to give one of 
ordinary skill in the art notice of the change" in meaning. The term "certificate" in claims 1-19 



Claim Rejections - 35 USC§112 
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is used by the claim to mean, "an identifier to indicate that a file is virus-free", while the 
accepted meaning is "An attachment to an electronic message used for security purposes. The 
most common use of a digital certificate is to verify that a user sending a message is who he or 
she claims to be, and to provide the receiver with the means to encode a reply." The term is 
indefinite because the specification does not clearly redefine the term. 

Claim Rejections - 35 USC § 103 

7. The text of those sections of Title 35, U.S. Code not included in this action can be found 
in a prior Office action. 

8. Claims 1, 3, 4, 7, 9, 1 1-18 and 21-22 are rejected under 35 U.S.C. 103(a) as unpatentable 
by U.S. Patent 6,154,844 to Touboul et al., hereinafter Touboul, in view of U.S. Patent No. 
6,094,731 to Waldin et al., hereinafter Waldin. 

9. As per claims 1,12, and 13, Touboul teaches a method, for use in a virus-free certificate 
authority, of generating a virus-free certificate certifying that a file is virus-free comprising the 
steps of: 

• receiving a request for a file from a server or a client system, said request 
comprising the file for which the request is being made (Figures 1 [block 120], 7 
[block 705); 

• determining whether file has been certified as virus-free (figure 7, step 720); 
If the file has not been certified as virus-free (figure 7, step 720): 

• determining whether the file is virus-free or not (figure 7, steps 750 and 755) 
(column 10, lines 5-7); 

if the file is declared virus-free (figure 7, step 760): 
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• generating a certificate comprising a file signature for certifying that said file is 
declared virus-free by the virus-free certificate authority (figure 6, step 635 
performed during step 750 in figure 7); 

• integrating the generated certificate in the file (figure 6, step 635 performed 
during step 750 in figure 7); 

• sending back in response to the request the file with the integrated certificate 
(figure 7, step 770). 

10. Touboul does not disclose a virus-free certificate request and certifying that a file is virus 
free. 

11. Waldin discloses certifying a file is virus free (column 6, lines 10-15). 

12. It would have been obvious to one of ordinary skill in the art as the time the invention 
was made to certify a file as virus-free, since Waldin discloses at column 2, line 54 to column 3, 
line 4 that such a modification would eliminate redundant scanning for at least some computers, 
thereby allocating more system resources. 

13. Regarding claim 3, Touboul teaches that the file comprised in the virus-free certificate 
request contains an integrated virus-free certificate (figure 7, step 725). 

14 Regarding claim 4, Touboul teaches the steps of: 

If the file comprises an integrated virus- free certificate, determining whether the virus- 
free certificate integrated in the file has been previously generated by the virus-free certificate 
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authority, and if that is the case (i.e. "YES" branch in figure 7, step 720), updating the virus-free 
certificate (figure 7, step 725). 

If the virus-free certificate integrated in the file has not been previously generated by the 
virus-free certificate authority, then generating a new virus-free certificate (i.e. "NO" branch in 
Figure 7, step 720 followed by step 750). 

15. That is, Touboul teaches that the network system may include multiple inspectors (i.e. 
certification authorities), wherein each inspector may provide a different content inspection. 
Each inspector would attach a corresponding DSP and a certificate verifying the authenticity of 
the attached DSP (column 5, lines 48-55). Thus, it can be inferred that if the inspector that 
originally produced the certificate receives a downloadable with an integrated certificate, the 
certificate is updated (i.e. authenticated). But if an inspector different from the one that 
originally produced the certificate receives it, the downloadable is inspected and a new certificate 
is attached to it. 

16. Regarding claim 7, Touboul teaches that the step of determining whether the file is virus- 
free or not comprises the further step of executing one or a plurality of anti-virus programs on 
said file for detecting viruses (column 9, lines 12-17). 

17. Regarding claim 9, Touboul teaches that the virus-free certificate further comprises: 
a file identification (i.e. Downloadable ID) (column 6, lines 6-7); 

a virus-free certificate authority identification (i.e. name of the certifying authority that 
issued to certificate) (column 6, lines 12-13); 
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a public key for decrypting the file signature (i.e. the inspector's public key) (column 6, 
linell); 

1 8. Touboul does not teach that the virus-free certificate also comprises a certificate signature 
for authenticating purposes. However, the use of a certificate signature for authenticating a 
certificate is old and well known in the art. Therefore, it would have been obvious to one of 
ordinary skill in the art at the time of the invention to include a certificate signature with the 
certificate because this would provide a recognized way of authentication. 

19. Regarding claim 11, Touboul teaches that the step of generating a file signature 
comprises the further steps of: 

• hashing the file to generate a file digest (i.e; Downloadable ID) (column 8, lines 
61-63); 

• encrypting the file digest (i.e. Downloadable ID) using a private key (column 6, 
line 5). 

20. As per claims 14, 21, and 22, Touboul teaches a method, for use in a server or client 
system, of determining that a file is virus-free comprising the steps of: 

• determining whether a file is certified as virus-free (figure 7, step 720); 
if a certificate is integrated within the file: 

• authenticating the certificate, said certificate comprising a certificate signature 
(Figure 7 [block 725], column 6, lines 10-13); 
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• authenticating the file, said certificate comprising a file signature (i.e. 
Downloadable ID), said file signature certifying that said file has been declared 
virus-free by a certifying authority (i.e. each inspector would attach a 
corresponding DSP and a certificate verifying the authenticity of the attached 
DSP) (Figure 7 [block 735], column 5, lines 52-54). 

21 . Touboul does not disclose certifying a file as virus free. 

22. Waldin discloses certifying a file is virus free (column 6, lines 10-15). 

23. It would have been obvious to one of ordinary skill in the art as the time the invention 
was made to certify a file as virus-free, since Waldin discloses at column 2, line 54 to column 3, 
line 4 that such a modification would eliminate redundant scanning for at least some computers, 
thereby allocating more system resources. 

24. Regarding claim 15, Touboul teaches that the step of authenticating the file comprises the 
further steps of: 

• decrypting the file signature (i.e. Downloadable ID) using a public key comprised 
in the virus-free certificate (column 9, lines 36-41). 

• hashing the file to generate a file digest (column 9, lines 44-45); 

• comparing the decrypted file signature with the generated file digest (column 9, 
lines 49-52). 

25. Regarding claim 16, Touboul teaches that the step of authenticating the virus-free 
certificate comprises the further step of validating the virus-free certificate. That is, Touboul 
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teaches that the virus-free certificate may include an expiration date (column 6, lines 11-16; 
column 9, line 37-40). Therefore, it can be inferred that the step of authenticating the virus-free 
certificate may include not only the authenticating of the Downloadable ID, but also the 
validating of the expiration date. 

26. With regards to claim 17, Touboul teaches that the step of validating the virus-free 
certificate comprises the further step of: 

• determining whether the virus-free certificate is valid or not (column 6, lines 1 1- 
16; column 9, line 37-40); 

If the virus-free certificate is not valid (figure 7, step745): 

• requesting a virus-free certificate update or an updated virus-free certificate 
update to a virus-free certificate authority (figure 7, step 750). 

27. Regarding claim 18, Touboul teaches that the virus- free certificate further comprises: 
a file identification (i.e. Downloadable ID) (column 6, lines 6-7); 

a virus-free certificate authority identification (i.e. name of the certifying authority that 
issued to certificate) (column 6, lines 12-13); 

a public key for decrypting the file signature (i.e. the inspector's public key) (column 6, 

linell). 
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28. Claims 2, 5-6, 8, and 19-20 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Touboul in view of Waldin as applied above, and in further view of U.S. Patent 6,275,937 
to Hailpern et al., hereinafter Hailpern. 

29. Regarding claim 2, Touboul and Waldin teach the system of claim 1 as discussed above. 

30. Touboul and Waldin do not teach that the virus-free certificate request comprises a list of 
one or a plurality of anti-virus programs to execute on the file to determine whether the file is 
virus-free or not. 

3 1 . Hailpern discloses a collaborative method of virus checking data object in a network of 
servers (column 1, lines 25-27). 

32. Hailpern teaches including within a virus-free certificate request (i.e. PRRR) a list of one 
or a plurality of anti-virus programs to execute on a file to determine whether the file is virus- 
free or not (column 9, lines 61-63), (column 10, lines 37-67). 

33. Therefore it would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the system of Touboul and Waldin with the teachings of Hailpern to include 
within a virus-free certificate request a list of one or a plurality of anti-virus programs to execute 
on a file to determine whether the file is virus- free or not with the motivation to establish a 
collaborative method for processing the files (Hailpern, column 3, lines 65-66). 

34. Regarding claim 5, Touboul and Waldin do not teach that the file further comprises a file 
header comprising: 

• a non encrypted file signature; 

• a file length; 
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• a product name. 

35. Hailpern teaches a file (i.e. http request/response) comprising a file header comprising: 

• a non encrypted file signature (figure 10, step 7020); 

• a file length (column 2, line 15); 

• a product name (i.e. information or data associated with a given object) (column 
2, line 10). 

36. Therefore it would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the system of Touboul and Waldin with the teachings of Hailpern to include 
that the file further comprises a file header comprising a non encrypted file signature, a file 
length; and a product name with the motivation to establish a collaborative method for 
processing the files (Hailpern, column 3, lines 65-66). 

37. Regarding claims 6 and 19, Touboul and Waldin teach that the step of integrating the 
virus-free certificate in the file comprises the further step of: 

• appending the virus-free certificate to the file (figure 6, step 635). 

38. Touboul and Waldin do not teach the additional steps of: 

• modifying the file header, preferably: 



o 



the non encrypted file signature; 



o 



the file length; 



o 



a product name, said product name comprising means for identifying the 



integrated virus-free certificate. 
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Hailpern teaches the updating of header fields as a result of the modification of a data object (i.e. 
the PJ.Header is modified, if necessary, to reflect the new, processed data [e.g. the value of the 
"length" field may have changed due to modifications made to the data objects by one or more of 
the processes, such as IBM Antivirus]) (column 17, lines 14-19). The Examiner infers that 
likewise, the other affected fields in the header (i.e. file signature and product name) are also 
updated. 

39. Therefore it would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the system of Touboul and Waldin with the teachings of Hailpern to include 
the additional steps of modifying the file header, preferably the non encrypted file signature; the 
file length; and a product name comprising means for identifying the integrated virus-free 
certificate with the motivation to establish a collaborative method for processing the files 
(Hailpern, column 3, lines 65-66). 

40. Regarding claim 8, Touboul and Waldin teach the system of claim 1 as discussed above. 

41 . Touboul and Waldin, however, do not teach that the virus-free certificate further 
comprises a list of the anti-virus programs that have been executed on the file. 

42. Hailpern discloses a certificate (i.e. listing of the results of applying anti-virus checking) 
(column 13, line 29) comprising a list of the anti-virus programs that have been executed on a 
file (column 13, lines 30-36). 

43. Therefore it would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the system of Touboul and Waldin with the teachings of Hailpern to include 
that the virus-free certificate further comprises a list of the anti-virus programs that have been 
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executed on the file with the motivation to establish a collaborative method for processing the 
files (Hailpern, column 3, lines 65-66). 

44. Regarding to claim 20, Touboul and Waldin teach the method of claim 14. 

45. Touboul and Waldin do not teach that the step of determining whether a virus-free 
certificate is integrated within a file comprises the further step of determining whether a product 
name within a file header comprises means for identifying the integrated virus-free certificate. 

46. Hailpern teaches that a product name within a file header comprises means for 
identifying the integrated virus-free certificate (i.e. a PICS Processing Label is a conventional 
PICS Label which allows servers having features of the current invention to indicate the 
processing they have applied to a piece of data they return or transfer by including the label in 
the HTTP header as an additional field) (column 12, lines 50-54) (column 13, lines 28-36). 

47. Therefore it would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the system of Touboul and Waldin with the teachings of Hailpern to include 
that the step of determining whether a virus-free certificate is integrated within a file comprises 
the further step of determining whether a product name within a file header comprises means for 
identifying the integrated virus-free certificate with the motivation to establish a collaborative 
method for processing the files (Hailpern, column 3, lines 65-66). 

48. Claim 10 is rejected under 35 U.S.C. 103(a) as being unpatentable over Touboul and 
Waldin as applied above, and in further view US 200301 10376 Al and Wiener et al., hereinafter 
Weiner. 
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49. Regarding claim 10, Touboul and Waldin teach the system of claim 1 as discussed above. 

50. Touboul and Waldin do not teach the further steps of: 

• identifying the server or client system where the file comprising the integrated 
virus-free certificate is stored; 

• updating the file with the integrated'virus-free certificate. 

5 1 . Wiener discloses a system for providing certificate lifetime data (see Abstract). 

52. Wiener teaches identifying a server or client where are file comprising a certificate is 
located and updating the file with the certificate (i.e. after the manager 12 has received the new 
digital signature key pair from the client unit, the manager 12 creates a new digital signature 
certificate containing the selected public key expiry data as entered by the security officer, for 
the client generating the digital signature key pair update request. The manager 12 associates the 
selected expiry data with the new key pairs as indicated by linking the selected expiry data with 
the public digital signature key as shown in block 46. The manager sends the new digital 
signature certificate to the requesting client on the secure online path) (see par. 0022). 

53. Therefore it would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the system of Touboul and Waldin with the teachings of Wiener to include 
the additional steps identifying the server or client system where the file comprising the 
integrated virus-free certificate is stored; updating the file with the integrated virus-free 
certificate with the motivation to establish a method of updating certificates that is effectively 
transparent to a user (Wiener, par. 0006). 
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Conclusion 

54. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

55. The following patents are cited to further show the state of the art with respect to 
certifying files as virus-free, such as: 

United States Patent No. 5,606,609 to Houser et al. 5 which is cited to show electronic 
document verification. 

United States Patent No. 6,092,194 to Touboul, which is cited to show protecting a 
computer and a network from hostile downloads. 

United States Patent No. 6,021,510 to Nachenberg, which is cited to show an anti-virus 
accelerator. 

United States Patent No. 6,577,920 to Hypponen, which is cited to show computer virus 
screening. 

56. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Christian La Forgia whose telephone number is (571) 272-3792. 
The examiner can normally be reached on Monday thru Thursday 7-5. 

57. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 



Application/Control Number: 09/665,627 



Page 15 



Art Unit: 2131 

58. Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Christian LaForgia 



elf 



Patent Examiner 
Art Unit 2131 




